Have U Been Invited (episode 2)? - macOS logic bugs

Presented at Disobey 2024, Feb. 17, 2024, 7 p.m. (30 minutes).

In this presentation I will tell my story how I found a zero-click vulnerability in macOS Calendar, which allows an attacker to add or delete arbitrary files inside the Calendar sandbox environment.This will directly lead to arbitrary code execution. I will demonstrate how this can be combined with Gatekeeper evasion and TCC evasion with Photos to compromise user sensitive Photos iCloud data. First part of the vulnerability chain was covered on my presentation at Disobey 2023. Now with macOS Sonoma, all the chained vulnerabilities are fixed and I can finally share all the details.

Presenters:

• Mikko Kenttälä (Turmio)
  Since I remember, I have hacked, built and broken stuff, and that landed me a career in cybersecurity over 10 years ago. I have done technical security audits, hunted bug bounties, and now also built security products as CEO of SensorFu. Hacking still makes me happy, I enjoy blue and red teaming in exercises, and I am interested in defending electronic freedoms and privacy in our digital society.

Links:

• https://disobey.fi/2024/profile/disobey2024-158-have-u-been-invited-episode-2-macos-logic-bugs

Similar Presentations:

• DEF CON 30 (2022) / Process injection: breaking all macOS security layers with a single vulnerability
• Objective by the Sea version 5.0 (2022) / Process Injection: Breaking all macOS Security Layers with a Single Vulnerability
• Disobey 2023 / Have U Been Invited? My journey to find and chain macOS vulns